Currently Browsing: Fortinet

Fortigate CFG_CMDBAPI_ERR Error



It seems there is a new error that i found on a few Fortigate firewalls: CFG_CMDBAPI_ERR


To fix the issue you can do 2 things:

1. Upgrade the Fortigate to the latest version

2. Reboot the IPS of the Fortigate (this is was it causing the issue). Below is the command(through CLI):

diagnose test application ipsmonitor 99


Hope it helps!

Fortigate FortiOS 5 preview


I have found the following video on Youtube that presents the FortiOS 5 in 5 minutes.

The new features look really good.

Check it out:

What do you think?!

Fortinet Useful Links


I have a list of websites that i often search to find solutions or news about Fortinet.
Below is the link list, with some description:

1. -> Yea, i often use this if i forget some troubleshooting commands
2. -> A lot of good articles related to Fortigate problems
3. -> A list with all the FREE books Fortinet provides for its different appliances
4. -> used for Hardware Troubleshooting
5. -> If you found an URL that is put in a wrong category, here you can request a fix
6. -> here you can find a lot of useful and FREE Fortigate webinars

That is it.

Hope you enjoy them.

Creating a Fortigate VPN



In this post i will show you how to create a policy based Fortigate VPN. I will be using FortiOS version 4.0 MR3.

For the VPN tunnel we used the following topology:

[singlepic id=17 w=320 h=240 float=]

Creating Fortigate VPN Steps:

I. Go to VPN > IPsec ->Auto Key (IKE) and select “Create Phase 1

[singlepic id=14 w=320 h=240 float=]


Fortigate Directory Services Authentication

The Fortinet Firewall is capable of integrating with the Microsoft Active directory.

It can use the following Methods:

I. Fortigate FSAE/FSSO

This feature provides a transparent authentication for the users.


In the older version you can fin it named as FortinetFSAE, but in the new versions it appears are Fortinet FSSO.

The Fortigate FSAE/FSSO is composed of the following 2 softwares:

1. Domain Controller Agent

This software monitors the user login. This software is deployed on the Domain Controllers of the users domain. You can find it in C:\Windows\System32\dcagent.dll